>-----Original Message-----
>From: Jeff [mailto:[EMAIL PROTECTED]
>Sent: Monday, March 17, 2003 11:42 AM
>To: CF-Talk
>Subject: Re: Application Security using cflogin and cfloginuser
>
>on 3/17/03 11:14 AM, Raymond Camden at [EMAIL PROTECTED] wrote:
>> Well, if it's user data like age, name, rank, etc, a struct seems to
>> make more sense, but use whatever is best for you.
>
>Actually, a struct makes a LOT of sense, and I see what you're saying now.
>
>> Why not just use one application.cfm in the root of your site?
>
>I think I came to this realization at about the same time you hit "send" on
>this email.
>
>So now, let me see if I understand this correctly.
>
>1. Login.cfm will reside in the root and will take username and password
>2. Login_process will ALSO reside in the root, and if the user successfully
>logs in, it sets a session, <cfset session.LoggedIn=1> refreshes the parent
>window, then closes itself.
>3. If not a success, then that page stays up and gives the user the
>opportunity to try again, or close the window.
>
>Once the user successfully logs in:
>Place a line of code on each page in that "protected" directory that will
>check for the existence of session.logged in, if not present, redirect to
>the index page of the root, which has a link to the login popup.
>

no need to place this check in every page...that's what application.cfm is for.

Doug

>This being safe because, as long as no other pages in the site are checking
>for the existence of "session.loggedin" they should display just fine.
>
>> See above. Did you notice how my code looked for form variables to
>> detect a login? There is no reason why your code couldn't do that. I'd
>> have the popup simply output JavaScript code to 'push' the parent window
>> to /lower, where /lower is the subdirectory of protected files. Note -
>> you don't really need to use a whole other subdirectory. You could write
>> your Application.cfm code so that the popups load.
>
>Well, that subdirectory will be further broken down by "roles" (if I
>understand roles correctly) so that a user will only be able to access
>subdirectories if their roles match, and if they don't they'll see an error
>message.
>
>EX: /lower/user1 where role="user1". I was going to use their role to limit
>them to access to only "their" directory.
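
The approach discussed in this thread (a single Application.cfm performing the login check, with per-role subdirectories under /lower), as an added example that is not code from any poster. The application name, `session.Role`, the `/lower/<role>/` layout and `/index.cfm` as the redirect target are assumptions made for illustration.

```cfml
<!--- Application.cfm in the site root (added example, not from the thread).
      ColdFusion runs it before every .cfm request in this directory and below,
      unless a subdirectory carries its own Application.cfm. --->
<cfapplication name="exampleSite"
               sessionmanagement="yes"
               sessiontimeout="#CreateTimeSpan(0, 0, 30, 0)#">

<!--- Path of the requested template, e.g. /lower/user1/report.cfm.
      Lower-cased so the comparison does not depend on URL casing. --->
<cfset requestPath = LCase(cgi.script_name)>

<!--- Only the protected tree requires a login. Public pages, Login.cfm and
      the login-processing page in the root fall through untouched. --->
<cfif Left(requestPath, 7) EQ "/lower/">

    <!--- Not logged in: back to the root index, which links to the login popup.
          session.LoggedIn is set by the login-processing page only after the
          credentials have been verified server-side. --->
    <cfif NOT StructKeyExists(session, "LoggedIn") OR session.LoggedIn NEQ 1>
        <cflocation url="/index.cfm" addtoken="no">
    </cfif>

    <!--- /lower/<role>/page.cfm has three path elements; the second one names
          the role directory. session.Role is a hypothetical value stored at
          login time, never taken from the URL or a form field. --->
    <cfif ListLen(requestPath, "/") GTE 3>
        <cfset requiredRole = ListGetAt(requestPath, 2, "/")>
        <cfif NOT StructKeyExists(session, "Role")
              OR CompareNoCase(session.Role, requiredRole) NEQ 0>
            <cfoutput><p>You do not have access to this area.</p></cfoutput>
            <cfabort>
        </cfif>
    </cfif>

</cfif>
```

Application.cfm only runs for requests that ColdFusion processes, so static files (images, PDFs, .html) placed under /lower are served by the web server without this check.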

